DCP-Portal search.php q Variable POST Method XSS

2004-08-28T11:17:51
ID OSVDB:10589
Type osvdb
Reporter Alexander Antipov(antipov@securityLab.ru)
Modified 2004-08-28T11:17:51

Description

Vulnerability Description

DCP-Portal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "q" variable upon submission to the search.php script via the POST method. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

DCP-Portal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "q" variable upon submission to the search.php script via the POST method. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

POST /search.php HTTP/1.1 Host: dcp-portal Content-Type: application/x-www-form-urlencoded Content-Length: 59

PHPSESSID=1&q=XSS code here]&fields=1

References:

Vendor URL: http://www.dcp-portal.org/ Security Tracker: 1006351 Secunia Advisory ID:12751 Related OSVDB ID: 10585 Related OSVDB ID: 11405 Related OSVDB ID: 10586 Related OSVDB ID: 10587 Related OSVDB ID: 10590 Related OSVDB ID: 10588 Related OSVDB ID: 10591 Other Advisory URL: http://www.ptsecurity.ru/advisory.asp Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0131.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0245.html CVE-2004-2511 CVE-2006-0220 Bugtraq ID: 11338